One of the first things hackers do before they launch an attack is to make sure they have covered their tracks.
- One common practice is to break into poorly secured computers and use these hijacked systems as proxies through which they can launch and route attacks worldwide.
- Malicious hackers use viruses, worms, phishing mails and other malware to take control of internet servers or personal computers to create a network of ‘zombie’ computers, also known as botnets.
- These botnets are then used to launch attacks.
- As a result, an attack may appear to come from a particular server or computer, but this does not mean the attack originated at that device.
- Often a string of different proxies is used, typically located in different countries.
This makes it difficult to carry out forensics and locate the original computer from which an attack is launched. It can be done but requires law enforcement from different countries to co-operate with each other.
On the surface this may seem straightforward but political agendas can get in the way of forensics. For instance, law enforcement might trace an attack as far as a server IP address in Russia or a router on Chinese territory.
This doesn’t provide definitive proof that the attack was launched from a server in Russia or a router in China; these devices could be proxies used by the attackers. But political relations, for instance between the US, Russia and China, ensure that the forensic investigation can’t go any further. This is why it is often difficult to actually catch attackers. That said, circumstantial evidence can certainly point a finger in the right direction.
Small targets, big gains
Attackers sometimes start their attacks by attacking small, remote and obscure computers or networks, or by piggybacking into networks by infecting other devices. Their ultimate targets are often large organisations with sensitive information.
But they don’t just press a big red attack button; rather they carry out reconnaissance and crawl through a victim’s network to find suitable launch points to reach their ultimate targets.
- Foreign nation state-backed hackers took over outdated Windows servers run by a small company. They then moved across the network onto other servers. Spear-phishing emails were then sent from these compromised servers to more than a hundred targets, including companies working for the US Department of Defense.
- Attackers exploited a vulnerable web application on public school servers to break into them. They moved around the networks and installed backdoors on the school’s computers to launch more attacks.
- Malicious hackers breached a community club network and then distributed malware to anyone who connected to the club’s Wi-Fi. The attackers later piggybacked into corporate networks when the owners of the infected devices logged onto their company networks.
- Chinese spies penetrated an old computer belonging to a welding firm located deep in the Wisconsin countryside. The hackers used the compromised computer to plan and stage attacks on a major Manhattan law firm, one of the world’s biggest airlines, a prominent university and other targets.
Often these firms or individuals have no idea their computers have been compromised until one day they receive a knock on the door from men in suits and raincoats who have a lot of questions.
Many of the entry points hackers exploit are simple vulnerabilities, for instance operating system and software updates that haven’t been applied, or phishing mails that the recipient has clicked on.
You can avoid being exploited by using good security software such as the award-winning, triple layers of protection, BullGuard Internet Security. It will send attackers packing and keep your home computer safe.